Flipping the eval on its head
A new approach to cybersecurity evaluations proposes using language models as constant red-team oracles to empirically compare the attack surfaces of different software implementations, such as OpenSS…
A new approach to cybersecurity evaluations proposes using language models as constant red-team oracles to empirically compare the attack surfaces of different software implementations, such as OpenSS…
AI security firm AISLE discovered six new CVEs in curl, including the oldest latent bug in the project's history, and previously found all 12 zero-day vulnerabilities in OpenSSL's latest security rele…
AskHuman launched a no-install, end-to-end encrypted HTML artifact sharing service for AI agents. The server stores ciphertext for seven days, with decryption keys passed via URL fragments, enabling s…
Puppet has published guidance on remediating 18 OpenSSL vulnerabilities at scale using its infrastructure automation platform. The June 2026 advisory includes a high-severity heap use-after-free bug i…
Neo4j announced support for post-quantum hybrid key exchange in its 2025.01 release to defend against future quantum computer attacks and current Harvest Now, Decrypt Later threats. The feature uses X…
Daytona, a company providing sandboxed environments for running untrusted AI-generated code, announced it is moving its production codebase from open source to closed source, citing security concerns.…
Jaya Baloo, co-founder and CISO of Aisle, argues that risk acceptance is a dangerous fallacy in cybersecurity, urging organizations to address known vulnerabilities rather than panic about AI-driven t…
A developer demonstrated how to bypass Cloudflare WAF and Akamai protections in Python using TLS fingerprinting with the `curl_cffi` library. The tool mimics browser TLS handshakes to avoid detection …
Post-quantum cryptography (PQC) is transitioning from research to practical implementation in embedded and IoT systems, affecting secure boot, TLS, OTA updates, and firmware signing. NIST has finalize…
DARPA's post-AIxCC bounty program led Xint.io to discover CVE-2026-31789, a critical heap buffer overflow vulnerability in OpenSSL that could enable code execution. Xint's AI-powered scan analyzed ove…
The article describes a single-character logic bug discovered in OpenSSL version 4.0.0's implementation of the SLH-DSA post-quantum signature algorithm. The bug occurs in the `slh_dsa_sign()` function…